<!DOCTYPE html>
<html lang="zh-CN">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Complete Guide to Linux System Security and Permission Management</title>
    <link rel="stylesheet" href="https://cdn.staticfile.org/font-awesome/6.4.0/css/all.min.css">
    <link rel="stylesheet" href="https://cdn.staticfile.org/tailwindcss/2.2.19/tailwind.min.css">
    <link href="https://fonts.googleapis.com/css2?family=Noto+Serif+SC:wght@400;500;600;700&family=Noto+Sans+SC:wght@300;400;500;700&display=swap" rel="stylesheet">
    <script src="https://cdn.jsdelivr.net/npm/mermaid@latest/dist/mermaid.min.js"></script>
    <style>
        body {
            font-family: 'Noto Sans SC', Tahoma, Arial, Roboto, "Droid Sans", "Helvetica Neue", "Droid Sans Fallback", "Heiti SC", "Hiragino Sans GB", Simsun, sans-serif;
            color: #333;
            line-height: 1.6;
        }
        h1, h2, h3, h4, h5, h6 {
            font-family: 'Noto Serif SC', serif;
            font-weight: 600;
        }
        .hero-gradient {
            background: linear-gradient(135deg, #4f46e5 0%, #7c3aed 100%);
        }
        .code-block {
            background-color: #2d3748;
            color: #e2e8f0;
            border-radius: 0.5rem;
            box-shadow: 0 4px 6px -1px rgba(0, 0, 0, 0.1), 0 2px 4px -1px rgba(0, 0, 0, 0.06);
        }
        .card-hover:hover {
            transform: translateY(-5px);
            box-shadow: 0 20px 25px -5px rgba(0, 0, 0, 0.1), 0 10px 10px -5px rgba(0, 0, 0, 0.04);
        }
        .icon-rotate:hover i {
            transform: rotate(15deg);
        }
        .permission-pill {
            display: inline-flex;
            align-items: center;
            padding: 0.25rem 0.75rem;
            border-radius: 9999px;
            font-weight: 500;
        }
    </style>
</head>
<body class="bg-gray-50">
    <!-- Hero Section -->
    <section class="hero-gradient text-white pb-20 pt-16 px-4 sm:px-6 lg:px-8">
        <div class="max-w-6xl mx-auto">
            <div class="flex flex-col md:flex-row items-center justify-between">
                <div class="md:w-1/2 mb-10 md:mb-0">
                    <h1 class="text-4xl md:text-5xl font-bold mb-4 leading-tight">Complete Guide to Linux System Security and Permission Management</h1>
                    <p class="text-xl text-blue-100 mb-8">Master Linux security mechanisms and build a rock-solid enterprise application environment</p>
                    <div class="flex flex-wrap gap-3 mb-8">
                        <span class="bg-blue-600 bg-opacity-70 px-4 py-2 rounded-lg flex items-center">
                            <i class="fas fa-lock mr-2"></i> Permission management
                        </span>
                        <span class="bg-purple-600 bg-opacity-70 px-4 py-2 rounded-lg flex items-center">
                            <i class="fas fa-shield-alt mr-2"></i> SELinux
                        </span>
                        <span class="bg-indigo-600 bg-opacity-70 px-4 py-2 rounded-lg flex items-center">
                            <i class="fas fa-fire mr-2"></i> Firewall
                        </span>
                    </div>
                </div>
                <div class="md:w-1/2">
                    <div class="relative">
                        <div class="absolute -top-10 -left-10 w-32 h-32 bg-purple-500 rounded-full mix-blend-multiply filter blur-xl opacity-70"></div>
                        <div class="absolute -bottom-10 -right-10 w-32 h-32 bg-indigo-500 rounded-full mix-blend-multiply filter blur-xl opacity-70"></div>
                        <div class="relative bg-white bg-opacity-10 backdrop-filter backdrop-blur-sm rounded-2xl p-6 shadow-xl">
                            <div class="text-sm font-mono text-blue-100 mb-2">$ ls -l webapp.jar</div>
                            <div class="text-lg font-mono mb-4">-rwxr-xr-- 1 javaapp devops 15M Sep 1 10:00 webapp.jar</div>
                            <div class="grid grid-cols-3 gap-4">
                                <div class="bg-blue-600 bg-opacity-30 p-3 rounded-lg">
                                    <div class="font-bold mb-1">User</div>
                                    <div class="flex">
                                        <span class="permission-pill bg-green-500 mr-1">r</span>
                                        <span class="permission-pill bg-green-500 mr-1">w</span>
                                        <span class="permission-pill bg-green-500">x</span>
                                    </div>
                                </div>
                                <div class="bg-purple-600 bg-opacity-30 p-3 rounded-lg">
                                    <div class="font-bold mb-1">Group</div>
                                    <div class="flex">
                                        <span class="permission-pill bg-green-500 mr-1">r</span>
                                        <span class="permission-pill bg-gray-500 mr-1">-</span>
                                        <span class="permission-pill bg-green-500">x</span>
                                    </div>
                                </div>
                                <div class="bg-indigo-600 bg-opacity-30 p-3 rounded-lg">
                                    <div class="font-bold mb-1">Others</div>
                                    <div class="flex">
                                        <span class="permission-pill bg-green-500 mr-1">r</span>
                                        <span class="permission-pill bg-gray-500 mr-1">-</span>
                                        <span class="permission-pill bg-gray-500">-</span>
                                    </div>
                                </div>
                            </div>
                        </div>
                    </div>
                </div>
            </div>
        </div>
    </section>

    <!-- Main Content -->
    <main class="max-w-6xl mx-auto px-4 sm:px-6 lg:px-8 py-12">
        <!-- Section 1 -->
        <section class="mb-20">
            <div class="flex items-center mb-8">
                <div class="bg-blue-100 text-blue-800 w-12 h-12 rounded-full flex items-center justify-center mr-4">
                    <i class="fas fa-key text-xl"></i>
                </div>
                <h2 class="text-3xl font-bold">1. Permission Management Basics: The File System's Key System</h2>
            </div>
            
            <div class="grid md:grid-cols-2 gap-8">
                <div>
                    <h3 class="text-2xl font-semibold mb-4 flex items-center">
                        <span class="bg-blue-500 text-white w-8 h-8 rounded-full flex items-center justify-center mr-3 text-sm">1.1</span>
                        The three-part permission model
                    </h3>
                    <p class="text-gray-700 mb-6">The Linux permission system works like the three-dial combination lock on a safe: precise control over each part keeps the system secure:</p>
                    
                    <div class="bg-blue-50 border-l-4 border-blue-500 p-4 mb-6 rounded-r-lg">
                        <div class="flex items-start mb-3">
                            <i class="fas fa-user text-blue-500 mr-3 mt-1"></i>
                            <div>
                                <h4 class="font-semibold text-blue-800">User permissions (User)</h4>
                                <p class="text-gray-700">Permissions held by the file's owner</p>
                            </div>
                        </div>
                        <div class="flex items-start mb-3">
                            <i class="fas fa-users text-purple-500 mr-3 mt-1"></i>
                            <div>
                                <h4 class="font-semibold text-purple-800">Group permissions (Group)</h4>
                                <p class="text-gray-700">Permissions held by the file's owning group</p>
                            </div>
                        </div>
                        <div class="flex items-start">
                            <i class="fas fa-globe text-indigo-500 mr-3 mt-1"></i>
                            <div>
                                <h4 class="font-semibold text-indigo-800">Other users (Others)</h4>
                                <p class="text-gray-700">Permissions held by every other user on the system</p>
                            </div>
                        </div>
                    </div>
                    
                    <div class="code-block p-4 mb-6">
                        <div class="text-gray-400 text-sm mb-2">Typical output when viewing permissions:</div>
                        <div class="text-green-400">$ ls -l webapp.jar</div>
                        <div class="text-gray-300">-rwxr-xr-- 1 javaapp devops 15M Sep 1 10:00 webapp.jar</div>
                    </div>
                </div>
                
                <div>
                    <h3 class="text-2xl font-semibold mb-4 flex items-center">
                        <span class="bg-blue-500 text-white w-8 h-8 rounded-full flex items-center justify-center mr-3 text-sm">1.2</span>
                        Permissions in practice: deploying a Java application
                    </h3>
                    
                    <p class="text-gray-700 mb-4">Common permission-management problems when deploying a Spring Boot application, and their solutions:</p>
                    
                    <div class="bg-red-50 border-l-4 border-red-500 p-4 mb-6 rounded-r-lg">
                        <h4 class="font-semibold text-red-800 mb-2 flex items-center">
                            <i class="fas fa-exclamation-triangle mr-2"></i> Bad example
                        </h4>
                        <div class="code-block p-4">
                            <div class="text-red-400">chmod 777 webapp.jar <span class="text-gray-400"># dangerous: fully open permissions</span></div>
                        </div>
                        <p class="text-gray-700 mt-2">This gives every user on the system full control of the file, a serious security risk.</p>
                    </div>
                    
                    <div class="bg-green-50 border-l-4 border-green-500 p-4 rounded-r-lg">
                        <h4 class="font-semibold text-green-800 mb-2 flex items-center">
                            <i class="fas fa-check-circle mr-2"></i> Correct approach
                        </h4>
                        <div class="code-block p-4">
                            <div class="text-green-400">sudo useradd -m -s /bin/bash javaapp</div>
                            <div class="text-green-400">sudo chown javaapp:devops webapp.jar</div>
                            <div class="text-green-400">sudo chmod 750 webapp.jar <span class="text-gray-400"># user: rwx, group: r-x, others: none</span></div>
                        </div>
                        <p class="text-gray-700 mt-2">Follow the principle of least privilege: grant only the access that is actually needed.</p>
                    </div>
                </div>
            </div>
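            <p class="text-gray-700 mt-8 mb-2">As an added example (written for this edit, not code from the original guide), the POSIX shell functions below convert the symbolic mode shown by <code class="bg-gray-100 px-1 rounded">ls -l</code> into its octal form and flag the modes this section warns about: world- or group-writable files and setuid/setgid binaries. The <code class="bg-gray-100 px-1 rounded">ls -l</code> lines they run over are constructed samples.</p>

```shell
#!/bin/sh
# Added example: convert `ls -l` symbolic modes to octal and flag risky bits.

# mode_to_octal SYMBOLIC
# "-rwxr-xr--" or "rwxr-xr--" -> "754"; setuid/setgid/sticky become a
# leading digit ("-rwsr-xr-x" -> "4755"). Returns 1 on a malformed string.
mode_to_octal() {
    printf '%s\n' "$1" | awk '{
        s = $0
        if (length(s) == 10) s = substr(s, 2)      # drop the file-type column
        if (length(s) != 9) exit 1
        special = 0; out = ""
        for (g = 0; g < 3; g++) {                  # user, group, others
            v = 0
            r = substr(s, g * 3 + 1, 1)
            w = substr(s, g * 3 + 2, 1)
            x = substr(s, g * 3 + 3, 1)
            if (r == "r") v += 4
            if (w == "w") v += 2
            if (x == "x" || x == "s" || x == "t") v += 1   # lower case: x is set too
            if (x == "s" || x == "S") special += (g == 0) ? 4 : 2
            if (x == "t" || x == "T") special += 1
            out = out v
        }
        if (special) out = special out
        print out
    }'
}

# mode_risks SYMBOLIC
# Prints the properties this guide warns about, or "ok" when none apply.
mode_risks() {
    oct=$(mode_to_octal "$1") || return 2
    while [ ${#oct} -lt 4 ]; do oct=0$oct; done   # pad so digit 1 holds the special bits
    special=$(printf '%s' "$oct" | cut -c1)
    grp=$(printf '%s' "$oct" | cut -c3)
    oth=$(printf '%s' "$oct" | cut -c4)
    findings=""
    [ $((oth & 2)) -ne 0 ] && findings="$findings world-writable"
    [ $((grp & 2)) -ne 0 ] && findings="$findings group-writable"
    [ $((special & 4)) -ne 0 ] && findings="$findings setuid"
    [ $((special & 2)) -ne 0 ] && findings="$findings setgid"
    [ -z "$findings" ] && findings=" ok"
    printf '%s\n' "${findings# }"
}

# audit_ls_output
# Reads `ls -l` lines on stdin and prints "mode octal findings name" for each
# file or directory line. ls appends "." (SELinux context present) or "+"
# (ACL present) to the mode column; that marker is stripped first.
audit_ls_output() {
    while read -r mode _links _owner _group _size _mon _day _time name; do
        mode=${mode%[+.]}
        case $mode in
            [-d]?????????) ;;
            *) continue ;;                        # "total N" and anything odd
        esac
        printf '%-11s %-5s %-30s %s\n' "$mode" "$(mode_to_octal "$mode")" \
            "$(mode_risks "$mode")" "$name"
    done
}

# Constructed sample of `ls -l` output (not taken from a real system).
SAMPLE_LS='total 3
-rwxr-xr--. 1 javaapp devops 15M  Sep  1 10:00 webapp.jar
-rwxrwxrwx  1 javaapp devops 512  Sep  1 10:01 application.yml
-rwsr-xr-x  1 root    root   48K  Sep  1 10:02 helper
drwxr-x---+ 2 javaapp devops 4096 Sep  1 10:03 logs'

demo_audit() { printf '%s\n' "$SAMPLE_LS" | audit_ls_output; }

demo_audit
```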
        </section>
        
        <!-- Section 2 -->
        <section class="mb-20">
            <div class="flex items-center mb-8">
                <div class="bg-purple-100 text-purple-800 w-12 h-12 rounded-full flex items-center justify-center mr-4">
                    <i class="fas fa-expand text-xl"></i>
                </div>
                <h2 class="text-3xl font-bold">2. Advanced Permission Control: Extending Permissions with ACLs</h2>
            </div>
            
            <div class="grid md:grid-cols-2 gap-8">
                <div>
                    <h3 class="text-2xl font-semibold mb-4 flex items-center">
                        <span class="bg-purple-500 text-white w-8 h-8 rounded-full flex items-center justify-center mr-3 text-sm">2.1</span>
                        ACL use cases
                    </h3>
                    <p class="text-gray-700 mb-6">When a specific user must be granted access individually, the traditional user/group/others model cannot express it:</p>
                    
                    <div class="bg-purple-50 border-l-4 border-purple-500 p-4 rounded-r-lg">
                        <h4 class="font-semibold text-purple-800 mb-2">Case: letting an auditor read a log file</h4>
                        <div class="code-block p-4 mb-3">
                            <div class="text-purple-400">setfacl -m u:auditor:r /var/log/javaapp.log</div>
                            <div class="text-purple-400">getfacl /var/log/javaapp.log</div>
                            <div class="text-gray-300"># output (excerpt):</div>
                            <div class="text-gray-300">user:auditor:r--</div>
                        </div>
                        <p class="text-gray-700">ACLs let us grant fine-grained permissions to a specific user without changing the file's group.</p>
                    </div>
                </div>
                
                <div>
                    <h3 class="text-2xl font-semibold mb-4 flex items-center">
                        <span class="bg-purple-500 text-white w-8 h-8 rounded-full flex items-center justify-center mr-3 text-sm">2.2</span>
                        Bulk permission management tips
                    </h3>
                    
                    <p class="text-gray-700 mb-6">Copying the ACL of a reference directory is a quick way to apply the same permission configuration to many files or directories:</p>
                    
                    <div class="code-block p-4 mb-6">
                        <div class="text-purple-400">getfacl template_dir | setfacl -R --set-file=- target_dir</div>
                    </div>
                    
                    <div class="bg-blue-50 p-4 rounded-lg">
                        <h4 class="font-semibold text-blue-800 mb-2 flex items-center">
                            <i class="fas fa-lightbulb mr-2"></i> Tips
                        </h4>
                        <ul class="list-disc pl-5 text-gray-700 space-y-2">
                            <li>Use the <code class="bg-gray-100 px-1 rounded">-R</code> option to apply the ACL recursively</li>
                            <li>Set up the ACL on one directory first and use it as the template</li>
                            <li>Pipe the <code class="bg-gray-100 px-1 rounded">getfacl</code> output into <code class="bg-gray-100 px-1 rounded">setfacl --set-file=-</code> to copy the ACL settings</li>
                            <li>Check the permission settings regularly with <code class="bg-gray-100 px-1 rounded">getfacl</code></li>
                        </ul>
                    </div>
                </div>
            </div>
        </section>
        
        <!-- Section 3 -->
        <section class="mb-20">
            <div class="flex items-center mb-8">
                <div class="bg-indigo-100 text-indigo-800 w-12 h-12 rounded-full flex items-center justify-center mr-4">
                    <i class="fas fa-shield-alt text-xl"></i>
                </div>
                <h2 class="text-3xl font-bold">3. SELinux: The System's Last Line of Defense</h2>
            </div>
            
            <div class="grid md:grid-cols-2 gap-8">
                <div>
                    <h3 class="text-2xl font-semibold mb-4 flex items-center">
                        <span class="bg-indigo-500 text-white w-8 h-8 rounded-full flex items-center justify-center mr-3 text-sm">3.1</span>
                        Decoding security contexts
                    </h3>
                    
                    <div class="code-block p-4 mb-6">
                        <div class="text-indigo-400">ps -eZ | grep java</div>
                        <div class="text-gray-300">system_u:system_r:tomcat_t:s0 1234 ? 00:00:05 java</div>
                    </div>
                    
                    <div class="grid grid-cols-2 gap-4">
                        <div class="bg-indigo-50 p-4 rounded-lg">
                            <h4 class="font-semibold text-indigo-800 mb-1">User</h4>
                            <p class="text-gray-700">system_u</p>
                        </div>
                        <div class="bg-indigo-50 p-4 rounded-lg">
                            <h4 class="font-semibold text-indigo-800 mb-1">Role</h4>
                            <p class="text-gray-700">system_r</p>
                        </div>
                        <div class="bg-indigo-50 p-4 rounded-lg">
                            <h4 class="font-semibold text-indigo-800 mb-1">Type</h4>
                            <p class="text-gray-700">tomcat_t</p>
                        </div>
                        <div class="bg-indigo-50 p-4 rounded-lg">
                            <h4 class="font-semibold text-indigo-800 mb-1">Level</h4>
                            <p class="text-gray-700">s0</p>
                        </div>
                    </div>
                </div>
                
                <div>
                    <h3 class="text-2xl font-semibold mb-4 flex items-center">
                        <span class="bg-indigo-500 text-white w-8 h-8 rounded-full flex items-center justify-center mr-3 text-sm">3.2</span>
                        Enterprise SELinux configuration case
                    </h3>
                    
                    <div class="bg-indigo-50 border-l-4 border-indigo-500 p-4 rounded-r-lg mb-6">
                        <h4 class="font-semibold text-indigo-800 mb-2">Problem: the Java application cannot use non-standard port 8081</h4>
                        <div class="code-block p-4">
                            <div class="text-indigo-400">semanage port -a -t http_port_t -p tcp 8081</div>
                        </div>
                    </div>
                    
                    <div class="bg-yellow-50 border-l-4 border-yellow-500 p-4 rounded-r-lg">
                        <h4 class="font-semibold text-yellow-800 mb-2 flex items-center">
                            <i class="fas fa-exclamation-circle mr-2"></i> Notes
                        </h4>
                        <ul class="list-disc pl-5 text-gray-700 space-y-1">
                            <li>Modify the policy with <code class="bg-gray-100 px-1 rounded">semanage</code> rather than editing policy files directly</li>
                            <li>The <code class="bg-gray-100 px-1 rounded">-a</code> option adds a new rule</li>
                            <li><code class="bg-gray-100 px-1 rounded">-t</code> specifies the type, <code class="bg-gray-100 px-1 rounded">-p</code> the protocol</li>
                            <li>No service restart is needed after the change</li>
                        </ul>
                    </div>
                </div>
            </div>
        </section>
        
        <!-- Section 4 -->
        <section class="mb-20">
            <div class="flex items-center mb-8">
                <div class="bg-yellow-100 text-yellow-800 w-12 h-12 rounded-full flex items-center justify-center mr-4">
                    <i class="fas fa-cogs text-xl"></i>
                </div>
                <h2 class="text-3xl font-bold">4. SELinux in Practice: Custom Policy Development</h2>
            </div>
            
            <div class="grid md:grid-cols-2 gap-8">
                <div>
                    <h3 class="text-2xl font-semibold mb-4 flex items-center">
                        <span class="bg-yellow-500 text-white w-8 h-8 rounded-full flex items-center justify-center mr-3 text-sm">4.1</span>
                        Developing a custom policy module
                    </h3>
                    
                    <p class="text-gray-700 mb-4">Scenario: allow a custom service to access the database</p>
                    
                    <div class="code-block p-4 mb-4">
                        <div class="text-yellow-400">1. Generate the .te policy file:</div>
                        <div class="text-yellow-400">audit2allow -i audit.log -m myapp > myapp.te</div>
                        <div class="mt-3 text-yellow-400">2. Compile and install the module:</div>
                        <div class="text-yellow-400">checkmodule -M -m -o myapp.mod myapp.te</div>
                        <div class="text-yellow-400">semodule_package -o myapp.pp -m myapp.mod</div>
                        <div class="text-yellow-400">semodule -i myapp.pp</div>
                    </div>
                    
                    <div class="bg-blue-50 p-4 rounded-lg">
                        <h4 class="font-semibold text-blue-800 mb-2 flex items-center">
                            <i class="fas fa-info-circle mr-2"></i> Process overview
                        </h4>
                        <ol class="list-decimal pl-5 text-gray-700 space-y-1">
                            <li>Generate a policy template from the audit log</li>
                            <li>Compile the policy module</li>
                            <li>Package the policy module</li>
                            <li>Install the policy module</li>
                        </ol>
                    </div>
                </div>
                
                <div>
                    <h3 class="text-2xl font-semibold mb-4 flex items-center">
                        <span class="bg-yellow-500 text-white w-8 h-8 rounded-full flex items-center justify-center mr-3 text-sm">4.2</span>
                        Emergency handling techniques
                    </h3>
                    
                    <div class="bg-red-50 border-l-4 border-red-500 p-4 rounded-r-lg mb-6">
                        <h4 class="font-semibold text-red-800 mb-2 flex items-center">
                            <i class="fas fa-skull-crossbones mr-2"></i> Use with caution in production
                        </h4>
                        <div class="code-block p-4">
                            <div class="text-red-400">setenforce 0 <span class="text-gray-400"># switch to Permissive mode</span></div>
                        </div>
                        <p class="text-gray-700 mt-2">In Permissive mode SELinux logs violations but does not block them; use it only for temporary debugging.</p>
                    </div>
                    
                    <div class="bg-green-50 border-l-4 border-green-500 p-4 rounded-r-lg">
                        <h4 class="font-semibold text-green-800 mb-2 flex items-center">
                            <i class="fas fa-search mr-2"></i> Troubleshooting tips
                        </h4>
                        <ul class="list-disc pl-5 text-gray-700 space-y-1">
                            <li>Analyze denial messages with <code class="bg-gray-100 px-1 rounded">audit2why</code></li>
                            <li>Check <code class="bg-gray-100 px-1 rounded">/var/log/audit/audit.log</code></li>
                            <li>Switch to Permissive mode temporarily to debug</li>
                            <li>Use <code class="bg-gray-100 px-1 rounded">sealert</code> for a detailed analysis</li>
                        </ul>
                    </div>
                </div>
            </div>
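            <p class="text-gray-700 mt-8 mb-2">As an added example (not from the original guide or from the SELinux tools themselves), the shell function below does the first step of the audit2allow/audit2why workflow by hand: it reads AVC denial records, splits each user:role:type:level context the way 3.1 describes, and groups the denials by source type, target type and object class, so you can see what a generated module would allow before building one. The audit records are constructed samples.</p>

```shell
#!/bin/sh
# Added example: summarize SELinux AVC denials from audit.log records.

# summarize_avc
# Reads audit records on stdin, keeps only "type=AVC ... denied" lines and
# prints one line per (source type, target type, class) with the union of the
# denied permissions and the record count. Output is sorted for stability.
summarize_avc() {
    awk '
    # Type field of the context that follows KEY (e.g. "scontext=").
    # A context is user:role:type:level; the level may itself contain colons
    # (s0-s0:c0.c1023), which is why only the third field is taken.
    function ctx_type(line, key,    s, parts) {
        if (index(line, key) == 0) return "?"
        s = substr(line, index(line, key) + length(key))
        sub(/ .*/, "", s)
        split(s, parts, ":")
        return parts[3]
    }
    # Value of a key=value token, or "" when the key is absent.
    function field(line, key,    s) {
        if (index(line, key) == 0) return ""
        s = substr(line, index(line, key) + length(key))
        sub(/ .*/, "", s)
        return s
    }
    /^type=AVC / && / denied / {
        perms = $0
        sub(/.*denied +[{] */, "", perms)     # keep only the "{ ... }" body
        sub(/ *[}].*/, "", perms)
        key = ctx_type($0, "scontext=") SUBSEP ctx_type($0, "tcontext=") SUBSEP field($0, "tclass=")
        count[key]++
        n = split(perms, p, " ")
        for (i = 1; i <= n; i++)              # union of permissions per key
            if (index(" " plist[key] " ", " " p[i] " ") == 0)
                plist[key] = (plist[key] == "" ? p[i] : plist[key] " " p[i])
        if (field($0, "permissive=") == "1") permissive[key] = 1   # logged, not blocked
    }
    END {
        for (key in count) {
            split(key, k, SUBSEP)
            printf "%s -> %s (%s): %s [%d denial(s)%s]\n", k[1], k[2], k[3],
                   plist[key], count[key], (key in permissive) ? ", permissive" : ""
        }
    }' | sort
}

# Constructed audit records (not from a real system). The SYSCALL record and
# the "granted" record are included to show that only denials are counted.
SAMPLE_AUDIT=$(cat <<'EOF'
type=AVC msg=audit(1693555200.123:456): avc:  denied  { name_connect } for  pid=1234 comm="java" dest=3307 scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=1
type=SYSCALL msg=audit(1693555200.123:456): arch=c000003e syscall=42 success=yes exit=0 comm="java" exe="/usr/bin/java"
type=AVC msg=audit(1693555201.456:457): avc:  denied  { write } for  pid=1234 comm="java" name="app.log" dev="dm-0" ino=98765 scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=0
type=AVC msg=audit(1693555202.789:458): avc:  denied  { append } for  pid=1234 comm="java" name="app.log" dev="dm-0" ino=98765 scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=0
type=AVC msg=audit(1693555203.000:459): avc:  granted  { setenforce } for  pid=1 comm="systemd" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=security
EOF
)

demo_avc_summary() { printf '%s\n' "$SAMPLE_AUDIT" | summarize_avc; }

demo_avc_summary
```

On a real host replace the sample with <code class="bg-gray-100 px-1 rounded">ausearch -m AVC -ts recent | summarize_avc</code>; a line marked "permissive" means the access was allowed while Permissive mode was on and would be blocked in enforcing mode.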
        </section>
        
        <!-- Section 5 -->
        <section class="mb-20">
            <div class="flex items-center mb-8">
                <div class="bg-red-100 text-red-800 w-12 h-12 rounded-full flex items-center justify-center mr-4">
                    <i class="fas fa-fire text-xl"></i>
                </div>
                <h2 class="text-3xl font-bold">5. Firewall Configuration: Traffic Police for the Network</h2>
            </div>
            
            <div class="grid md:grid-cols-2 gap-8">
                <div>
                    <h3 class="text-2xl font-semibold mb-4 flex items-center">
                        <span class="bg-red-500 text-white w-8 h-8 rounded-full flex items-center justify-center mr-3 text-sm">5.1</span>
                        firewalld core concepts
                    </h3>
                    
                    <div class="overflow-x-auto">
                        <table class="min-w-full bg-white rounded-lg overflow-hidden">
                            <thead class="bg-red-50">
                                <tr>
                                    <th class="py-3 px-4 text-left text-red-800 font-semibold">Zone</th>
                                    <th class="py-3 px-4 text-left text-red-800 font-semibold">Use case</th>
                                </tr>
                            </thead>
                            <tbody class="divide-y divide-gray-200">
                                <tr>
                                    <td class="py-3 px-4 font-medium">public</td>
                                    <td class="py-3 px-4 text-gray-700">Public networks (default)</td>
                                </tr>
                                <tr class="bg-gray-50">
                                    <td class="py-3 px-4 font-medium">internal</td>
                                    <td class="py-3 px-4 text-gray-700">Internal network</td>
                                </tr>
                                <tr>
                                    <td class="py-3 px-4 font-medium">dmz</td>
                                    <td class="py-3 px-4 text-gray-700">Servers in the DMZ</td>
                                </tr>
                                <tr class="bg-gray-50">
                                    <td class="py-3 px-4 font-medium">drop</td>
                                    <td class="py-3 px-4 text-gray-700">Drop all inbound traffic</td>
                                </tr>
                            </tbody>
                        </table>
                    </div>
                </div>
                
                <div>
                    <h3 class="text-2xl font-semibold mb-4 flex items-center">
                        <span class="bg-red-500 text-white w-8 h-8 rounded-full flex items-center justify-center mr-3 text-sm">5.2</span>
                        Firewall configuration for a Java application
                    </h3>
                    
                    <div class="mb-6">
                        <p class="text-gray-700 mb-2">Open the default Spring Boot port:</p>
                        <div class="code-block p-4">
                            <div class="text-red-400">firewall-cmd --permanent --add-port=8080/tcp</div>
                            <div class="text-red-400">firewall-cmd --reload</div>
                        </div>
                    </div>
                    
                    <div>
                        <p class="text-gray-700 mb-2">Advanced configuration: restrict the source of access</p>
                        <div class="code-block p-4">
                            <div class="text-red-400">firewall-cmd --permanent --add-rich-rule='</div>
                            <div class="text-red-400 ml-4">rule family="ipv4"</div>
                            <div class="text-red-400 ml-4">source address="192.168.1.0/24"</div>
                            <div class="text-red-400 ml-4">port protocol="tcp" port="8080" accept'</div>
                        </div>
                    </div>
                </div>
            </div>
        </section>
        
        <!-- Section 6 -->
        <section class="mb-20">
            <div class="flex items-center mb-8">
                <div class="bg-green-100 text-green-800 w-12 h-12 rounded-full flex items-center justify-center mr-4">
                    <i class="fas fa-project-diagram text-xl"></i>
                </div>
                <h2 class="text-3xl font-bold">6. Putting It All Together: Building a Secure Enterprise Java Application</h2>
            </div>
            
            <div class="grid md:grid-cols-2 gap-8">
                <div>
                    <h3 class="text-2xl font-semibold mb-4 flex items-center">
                        <span class="bg-green-500 text-white w-8 h-8 rounded-full flex items-center justify-center mr-3 text-sm">6.1</span>
                        Project requirements
                    </h3>
                    
                    <ul class="list-disc pl-5 text-gray-700 space-y-2 mb-6">
                        <li>Deploy the Java application (port 8080)</li>
                        <li>Allow access from the internal network only</li>
                        <li>The log directory must be readable by the auditor</li>
                        <li>Access to the non-standard database port 3307 is required</li>
                    </ul>
                    
                    <h3 class="text-2xl font-semibold mb-4 flex items-center">
                        <span class="bg-green-500 text-white w-8 h-8 rounded-full flex items-center justify-center mr-3 text-sm">6.2</span>
                        Implementation steps
                    </h3>
                    
                    <div class="border-l-4 border-green-500 pl-4 mb-6">
                        <h4 class="font-semibold text-green-800 mb-2">Step 1: file permissions</h4>
                        <div class="code-block p-4">
                            <div class="text-green-400">mkdir -p /opt/javaapp/{bin,logs}</div>
                            <div class="text-green-400">chown javaapp:devops /opt/javaapp -R</div>
                            <div class="text-green-400">setfacl -m u:auditor:rx /opt/javaapp/logs</div>
                        </div>
                    </div>
                    
                    <div class="border-l-4 border-green-500 pl-4 mb-6">
                        <h4 class="font-semibold text-green-800 mb-2">Step 2: SELinux configuration</h4>
                        <div class="code-block p-4">
                            <div class="text-green-400">semanage port -a -t mysqld_port_t -p tcp 3307</div>
                            <div class="text-green-400">semanage fcontext -a -t httpd_sys_content_t "/opt/javaapp/logs(/.*)?"</div>
                            <div class="text-green-400">restorecon -Rv /opt/javaapp</div>
                        </div>
                    </div>
                    
                    <div class="border-l-4 border-green-500 pl-4">
                        <h4 class="font-semibold text-green-800 mb-2">Step 3: firewall configuration</h4>
                        <div class="code-block p-4">
                            <div class="text-green-400">firewall-cmd --permanent --zone=internal \</div>
                            <div class="text-green-400 ml-4">--add-service=http \</div>
                            <div class="text-green-400 ml-4">--add-port=3307/tcp \</div>
                            <div class="text-green-400 ml-4">--add-source=192.168.1.0/24</div>
                            <div class="text-green-400">firewall-cmd --reload</div>
                        </div>
                    </div>
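                    <p class="text-gray-700 mt-6 mb-2">As an added example (not from the original guide), the shell functions below validate the source network and ports and then print, for review rather than execution, the firewalld commands from 5.2 (rich rule) and from step 3 above (source-restricted zone). The zone name and network are the page's own values; the helper names are assumptions of this example.</p>

```shell
#!/bin/sh
# Added example: validate inputs, then generate firewalld commands for review.

# valid_cidr 192.168.1.0/24 -> exit 0 when every octet is 0-255 and the prefix
# length is 0-32; anything else is rejected before it ever reaches firewalld.
valid_cidr() {
    case $1 in */*) ;; *) return 1 ;; esac
    ip=${1%/*}; prefix=${1#*/}
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $ip                          # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# valid_port 8080 -> exit 0 for 1-65535.
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# rich_rule SOURCE_CIDR PORT
# Prints the rich rule from 5.2: accept TCP PORT only from SOURCE_CIDR.
rich_rule() {
    valid_cidr "$1" || { echo "rich_rule: bad source $1" >&2; return 1; }
    valid_port "$2" || { echo "rich_rule: bad port $2" >&2; return 1; }
    printf 'rule family="ipv4" source address="%s" port protocol="tcp" port="%s" accept\n' "$1" "$2"
}

# plan_firewall ZONE SOURCE_CIDR PORT...
# Prints the permanent zone configuration from step 3 (a zone bound to the
# source network, one --add-port per port) followed by the reload. Nothing is
# applied here: review the output, then pipe it to sh.
plan_firewall() {
    zone=$1; net=$2; shift 2
    valid_cidr "$net" || { echo "plan_firewall: bad source $net" >&2; return 1; }
    for port in "$@"; do
        valid_port "$port" || { echo "plan_firewall: bad port $port" >&2; return 1; }
    done
    printf 'firewall-cmd --permanent --zone=%s --add-source=%s\n' "$zone" "$net"
    for port in "$@"; do
        printf 'firewall-cmd --permanent --zone=%s --add-port=%s/tcp\n' "$zone" "$port"
    done
    printf 'firewall-cmd --reload\n'
}

# The project's requirements: internal zone, internal network, app and DB ports.
plan_firewall internal 192.168.1.0/24 8080 3307
```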
                </div>
                
                <div>
                    <h3 class="text-2xl font-semibold mb-4 flex items-center">
                        <span class="bg-green-500 text-white w-8 h-8 rounded-full flex items-center justify-center mr-3 text-sm">6.3</span>
                        Security hardening checklist
                    </h3>
                    
                    <div class="bg-white rounded-lg shadow-md overflow-hidden">
                        <div class="p-5">
                            <div class="flex items-start mb-4">
                                <div class="bg-green-100 text-green-800 rounded-full p-2 mr-3">
                                    <i class="fas fa-check-circle"></i>
                                </div>
                                <div>
                                    <h4 class="font-semibold">Apply the principle of least privilege</h4>
                                    <p class="text-gray-700 text-sm">Grant only the permissions that are needed; avoid over-privileging</p>
                                </div>
                            </div>
                            
                            <div class="flex items-start mb-4">
                                <div class="bg-green-100 text-green-800 rounded-full p-2 mr-3">
                                    <i class="fas fa-check-circle"></i>
                                </div>
                                <div>
                                    <h4 class="font-semibold">Audit sudo rights regularly</h4>
                                    <p class="text-gray-700 text-sm">Review /etc/sudoers and remove rights that are no longer needed</p>
                                </div>
                            </div>
                            
                            <div class="flex items-start mb-4">
                                <div class="bg-green-100 text-green-800 rounded-full p-2 mr-3">
                                    <i class="fas fa-check-circle"></i>
                                </div>
                                <div>
                                    <h4 class="font-semibold">Keep SELinux in enforcing mode</h4>
                                    <p class="text-gray-700 text-sm">Production systems should run in enforcing mode</p>
                                </div>
                            </div>
                            
                            <div class="flex items-start mb-4">
                                <div class="bg-green-100 text-green-800 rounded-full p-2 mr-3">
                                    <i class="fas fa-check-circle"></i>
                                </div>
                                <div>
                                    <h4 class="font-semibold">Configure firewall log monitoring</h4>
                                    <p class="text-gray-700 text-sm">Log and analyze abnormal connection attempts</p>
                                </div>
                            </div>
                            
                            <div class="flex items-start mb-4">
                                <div class="bg-green-100 text-green-800 rounded-full p-2 mr-3">
                                    <i class="fas fa-check-circle"></i>
                                </div>
                                <div>
                                    <h4 class="font-semibold">Set up two-factor SSH authentication</h4>
                                    <p class="text-gray-700 text-sm">Use a public key plus a password or an OTP to strengthen SSH</p>
                                </div>
                            </div>
                            
                            <div class="flex items-start">
                                <div class="bg-green-100 text-green-800 rounded-full p-2 mr-3">
                                    <i class="fas fa-check-circle"></i>
                                </div>
                                <div>
                                    <h4 class="font-semibold">Implement automated security scanning</h4>
                                    <p class="text-gray-700 text-sm">Regularly run scanning tools to check the system for vulnerabilities</p>
                                </div>
                            </div>
                        </div>
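The checklist above can be audited rather than ticked by hand. The following is an added example, not code from the original page: each function takes a file path so it can be run against the live files (/etc/sudoers, /etc/selinux/config, /etc/ssh/sshd_config) or against the constructed sample files that `make_samples` writes; the sample entries and the hypothetical `deploy` and `backup` accounts are invented for the demonstration.

```shell
#!/bin/sh
# Added audit helpers for the hardening checklist (example code, not the page's own).

# 1. sudoers: print non-comment entries, other than root's own, that grant
#    NOPASSWD or an unrestricted ALL=(ALL) ALL. Each printed line deserves review.
sudoers_risky() {
    grep -E -v '^[[:space:]]*(#|$)' "$1" \
        | grep -E -v '^root[[:space:]]' \
        | grep -E 'NOPASSWD|ALL[[:space:]]*=[[:space:]]*\(ALL(:ALL)?\)[[:space:]]+ALL[[:space:]]*$'
}

# 2. SELinux: succeed only when the persistent config selects enforcing mode
#    (getenforce shows the running mode; this checks what survives a reboot).
selinux_enforcing() {
    grep -E -q '^SELINUX=enforcing[[:space:]]*$' "$1"
}

# 3. sshd: succeed only when AuthenticationMethods demands a public key AND a
#    second factor (password or keyboard-interactive, e.g. a PAM OTP module).
ssh_two_factor() {
    awk 'tolower($1)=="authenticationmethods" {print $2; exit}' "$1" \
        | grep -E -q '^publickey,(password|keyboard-interactive)$'
}

# Constructed sample configs so the checks can be exercised offline; prints the dir.
make_samples() {
    dir=$(mktemp -d)
    cat >"$dir/sudoers" <<'EOF'
# constructed sample sudoers
root    ALL=(ALL:ALL) ALL
%wheel  ALL=(ALL) ALL
deploy  ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart app
backup  ALL=(root) /usr/bin/rsync
EOF
    printf 'SELINUX=permissive\nSELINUXTYPE=targeted\n' >"$dir/selinux_bad"
    printf 'SELINUX=enforcing\nSELINUXTYPE=targeted\n' >"$dir/selinux_good"
    printf 'PasswordAuthentication yes\nAuthenticationMethods publickey,keyboard-interactive\n' >"$dir/sshd_good"
    printf 'PasswordAuthentication yes\nPubkeyAuthentication yes\n' >"$dir/sshd_weak"
    echo "$dir"
}

# Live usage: sudoers_risky /etc/sudoers
#             selinux_enforcing /etc/selinux/config || echo "SELinux not enforcing"
#             ssh_two_factor /etc/ssh/sshd_config || echo "SSH lacks a second factor"
```

On the constructed sudoers sample the first check reports two lines (the unrestricted %wheel rule and the NOPASSWD deploy rule) and leaves the narrowly scoped backup rule alone.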
                    </div>
                </div>
            </div>
        </section>
        
        <!-- Visualization Section -->
        <section class="mb-20">
            <h2 class="text-3xl font-bold mb-8 text-center">Relationships Between Linux Security Mechanisms</h2>
            
            <div class="bg-white p-6 rounded-xl shadow-lg">
                <div class="mermaid">
                    graph TD
                    A[Linux Security Architecture] --> B[File Permissions]
                    A --> C[SELinux]
                    A --> D[Firewall]
                    
                    B --> B1[Owner Permissions]
                    B --> B2[Group Permissions]
                    B --> B3[Other Permissions]
                    B --> B4[ACL]
                    
                    C --> C1[Security Contexts]
                    C --> C2[Policy Modules]
                    C --> C3[Booleans]
                    
                    D --> D1[Zone Management]
                    D --> D2[Port Control]
                    D --> D3[Service Management]
                    D --> D4[Rich Rules]
                    
                    style A fill:#4f46e5,color:white,stroke-width:0
                    style B fill:#7c3aed,color:white,stroke-width:0
                    style C fill:#6d28d9,color:white,stroke-width:0
                    style D fill:#8b5cf6,color:white,stroke-width:0
                    
                    style B1 fill:#4f46e550,stroke:#7c3aed
                    style B2 fill:#4f46e550,stroke:#7c3aed
                    style B3 fill:#4f46e550,stroke:#7c3aed
                    style B4 fill:#4f46e550,stroke:#7c3aed
                    
                    style C1 fill:#6d28d950,stroke:#6d28d9
                    style C2 fill:#6d28d950,stroke:#6d28d9
                    style C3 fill:#6d28d950,stroke:#6d28d9
                    
                    style D1 fill:#8b5cf650,stroke:#8b5cf6
                    style D2 fill:#8b5cf650,stroke:#8b5cf6
                    style D3 fill:#8b5cf650,stroke:#8b5cf6
                    style D4 fill:#8b5cf650,stroke:#8b5cf6
                </div>
            </div>
        </section>
    </main>

    <!-- Footer -->
    <footer class="bg-gray-900 text-gray-300 py-8">
        <div class="max-w-6xl mx-auto px-4 sm:px-6 lg:px-8">
            <div class="flex flex-col md:flex-row justify-between items-center">
                <div class="mb-4 md:mb-0">
                    <h3 class="text-xl font-bold text-white mb-1">技术小馆</h3>
                    <a href="http://www.yuque.com/jtostring" class="text-blue-400 hover:text-blue-300 transition-colors">
                        <i class="fas fa-external-link-alt mr-1"></i> http://www.yuque.com/jtostring
                    </a>
                </div>
                <div class="flex space-x-6">
                    <a href="#" class="text-gray-400 hover:text-white transition-colors">
                        <i class="fab fa-github text-xl"></i>
                    </a>
                    <a href="#" class="text-gray-400 hover:text-white transition-colors">
                        <i class="fab fa-twitter text-xl"></i>
                    </a>
                    <a href="#" class="text-gray-400 hover:text-white transition-colors">
                        <i class="fab fa-linkedin text-xl"></i>
                    </a>
                </div>
            </div>
            <div class="mt-8 pt-8 border-t border-gray-800 text-sm text-gray-500 text-center">
                &copy; 2023 技术小馆. All rights reserved.
            </div>
        </div>
    </footer>

    <script>
        mermaid.initialize({
            startOnLoad: true,
            theme: 'default',
            flowchart: {
                useMaxWidth: true,
                htmlLabels: true,
                curve: 'basis'
            }
        });
    </script>
</body>
</html>
```